<?php 
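// Registration handler: reads five form fields from the POST body and inserts
// them as one row into the sinh_vien table.

// Every field must be present and must be a plain string. A missing key would
// otherwise raise an undefined-index notice and insert an empty value, and an
// array-valued field (e.g. "Hoten[]=x") would reach the string escaping
// functions inside sql_quote() with the wrong type.
$required = array("Hoten", "Username", "Password", "Email", "Diachi");
foreach ($required as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        die("Thiếu dữ liệu bắt buộc");
    }
}

$ten = sql_quote($_POST["Hoten"]);
$user = sql_quote($_POST["Username"]);
// NOTE(review): the password is written to the table exactly as submitted.
// Storing it with password_hash() and checking it with password_verify() is the
// safer design, but that has to be changed together with the login code that
// reads this column, which is not visible here.
$pass = sql_quote($_POST["Password"]);
$email = sql_quote($_POST["Email"]);
$diachi = sql_quote($_POST["Diachi"]);

// NOTE(review): sql_quote() also backslash-escapes "_" and "%". Those sequences
// only have meaning inside a LIKE pattern; in this INSERT MySQL keeps the
// backslash, so a value such as an e-mail containing "_" is stored with an
// extra "\". These values need escaping without the wildcard step.
//
// The statement is still built by string concatenation, so its safety rests
// entirely on sql_quote() and on the connection character set. Prepared
// statements (mysqli or PDO) remove that dependency; the connection setup is
// outside this file, so the mysql_* calls are kept as they are.
$sql = "INSERT INTO sinh_vien(Hoten, Username, Password, Email, Diachi) VALUES('$ten', '$user','$pass', '$email', '$diachi')";
$result = mysql_query($sql);

if ($result) {
    echo "Thêm mới Sinh viên thành công";
} else {
    // Keep the driver error in the server log only: the raw mysql_error() text
    // can expose table names, column names and fragments of the query to the
    // client.
    error_log("sinh_vien insert failed: " . mysql_error());
    die("Không thể thêm mới Sinh viên. Vui lòng thử lại sau.");
}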
   
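/**
 * Escape a request value so it can be placed inside a single-quoted MySQL
 * string literal.
 *
 * Steps, in order:
 *  1. undo magic_quotes_gpc slashes when that php.ini setting is active;
 *  2. escape with mysql_real_escape_string(), or addslashes() when that
 *     function is not available;
 *  3. optionally backslash-escape the LIKE wildcards "_" and "%".
 *
 * Step 3 is only correct when the result is used as a LIKE pattern. Outside a
 * pattern MySQL keeps the backslash as part of the value, so callers that
 * build INSERT/UPDATE values or "=" comparisons should pass false as the
 * second argument.
 *
 * @param string $value        Raw value, typically taken from $_POST / $_GET.
 * @param bool   $escape_like  Escape "_" and "%" as well. Defaults to true,
 *                             which is what the one-argument call has always
 *                             done.
 * @return string Escaped value.
 */
function sql_quote( $value, $escape_like = true ){

	// get_magic_quotes_gpc() no longer exists on PHP 8, so calling it
	// unguarded is a fatal error there. When it does exist and reports ON,
	// strip the slashes PHP already added so the value is not escaped twice.
	if( function_exists( "get_magic_quotes_gpc" ) && get_magic_quotes_gpc() )
	{
		$value = stripslashes( $value );
	}

	if( function_exists( "mysql_real_escape_string" ) )
	{
		// Escaping that takes the connection character set into account.
		$value = mysql_real_escape_string( $value );
	}
	else
	{
		// Fallback for PHP < 4.3.0, and for any build without ext/mysql.
		// NOTE(review): addslashes() knows nothing about the connection
		// character set and is a weaker defence against SQL injection than
		// driver-level escaping or prepared statements; on a build where this
		// branch runs, the queries should move to mysqli/PDO prepared
		// statements instead.
		$value = addslashes( $value );
	}

	if( $escape_like )
	{
		// LIKE wildcards: "_" matches one character, "%" matches any run.
		$value = str_replace( array( '_', '%' ), array( '\\_', '\\%' ), $value );
	}

	return $value;
}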
    
?>